According to a recent IDC survey, conducted on more than 500 CIOs from more than 20 industries around the world, 46 percent of the respondents reported having witnessed at least one ransomware attack in the last three years. This indicates how ransomware has surpassed natural disaster, to become the main reason one needs to be skilled at handling large data restorations. Many years ago, disk system failure, which frequently required a complete restore from scratch, was the primary cause of such restores.
However, situations changed with the introduction of RAID and Erasure Coding, which brought terrorism and natural disasters to the forefront. Nonetheless, unless you lived in a specific disaster-prone area, the likelihood that any one company would experience a natural disaster was actually fairly low.
Is the Company Prepared for an Attack?
May be not.
The survey suggests that organizations who have had an experience of cyberattacks or data loss think highly of their ability to respond to such events in the future. In support of this notion, 85 percent of the respondents, on being asked about their security plans, claimed of having a cyber-recovery playbook for intrusion detection, prevention and response.
While, it is to be taken into consideration that ransomware attacks are ever-evolving, with threat actors implementing a different tactics for the attacks. Thus, it is difficult to conclude that the current data resiliency tools would be highly efficient for all the future ransomware attacks.
These tools however, should have one key objective in common. An efficient tool must be capable of recovering the breached data in a manner that the organization need not have to pay enormous ransom, while also making sure that the data is not lost. Since ransomware attacks are inevitable, data resiliency tool could at least ensure lesser damage from the attacks.
Minimizing Attack Damage
In order to detect a ransomware attack, to respond and to recover from it, one requires several crucial steps and tactics to be followed as given below.
• IT infrastructure could be created in a way to limit the damage of an attack, for example, by forbidding the usage of new domains (preventing command and control) and restricting internal lateral movement (minimizing the ability of the malware to spread internally). However, after ransomware has hit you, you must employ numerous tools, many of which may be automated for greater efficiency.
• Limiting lateral movement in order to halt the IP traffic all at once. If infected systems would not be able to communicate, no further damage would resultingly take place. Once the infected systems are identified and shut down, one can proceed with their disaster recovery phase of bringing infected systems online. Further, ensuring that the recovery systems are themselves not infected.